mail.google.com
> | | >
> | | > Vulnerability Report:
> | | >
> | | > As part of our recent work on the trust hierarchy that exists among email
> | | > providers throughout the Internet, we have uncovered a serious security flaw
> | | > in Google's free email service, Gmail.
> | | >
> | | > Disclosure:
> | | > We have contacted Google about this issue and are waiting for their position
> | | > before releasing further details.
> | | >
Vendor: http://www.wayport.net
Bug: Authorisation Bypass
Risk: High
Date: 8 April 2008
Author: Pascal Cretain
e-mail: Pascal.Cretain at Gmail dot com
List: BugTraq (SecurityFocus)
#########################################
=======
merely corrupts the page a little, and does not execute any scripts on
you. Honest! Go click the links and see ... Hehe
On 4/26/08, Serg B <sergeslists@gmail.com> wrote:
> Am I the only one who sees the irony of an XSS related email/question
> and example URLs to click? Heh.
>
> Serg
>
injection rather than event handler but I'm sure you don't need my
help for that.
- kuza55
2008/4/26 Kristian Erik Hermansen <kristian.hermansen@gmail.com>:
> Yes, you make a good point :-). However, the purpose of the email was
> that we can't inject anything useful in 5 chars, so the XSS I posted
> merely corrupts the page a little, and does not execute any scripts on
> you. Honest! Go click the links and see ... Hehe
>
======================================================================
Squid Analysis Report Generator <= 2.2.3.1 buffer overflow
======================================================================
Author: L4teral <l4teral [4t] gmail com>
Impact: buffer overflow
Status: fixed version available
------------------------------
======================================================================
Anon Proxy Server <= 0.102 remote buffer overflow
======================================================================
Author: L4teral <l4teral [4t] gmail com>
Impact: remote buffer overflow
Status: patch available
------------------------------
======================================================================
ATutor <= 1.5.5 Cross Site Scripting
======================================================================
Author: L4teral <l4teral [4t] gmail com>
Impact: Cross Site Scripting
Status: patch available
------------------------------
function head()
{
print "\nphpslash <= 0.8.1.1 Remote Code Execution Exploit\n";
print "-------------------------------------------------\n\n";
print " About: \n";
print " by DarkFig < gmdarkfig (at) gmail (dot) com >\n";
print " http://acid-root.new.fr/\n";
print " #acidroot@irc.worldnet.net\n\n";
return;
}
BACKGROUND INFORMATION
======================
"POP Peeper is an email notifier that runs in your Windows task bar and
alerts you when you have new email on your
POP3, IMAP (with IDLE support), Hotmail\MSN\LiveMail, Yahoo, GMail,
Mail.com, MyWay, Excite, iWon, Lycos.com, RediffMail,
Juno and NetZero accounts. IMAP support allows you to access AOL, AIM,
Netscape and other services. Send mail directly
from POP Peeper and use the address book to email your frequently used
contacts. POP Peeper allows you to view messages
Vendor http://phpcollegeex.sourceforge.net
Versions Affected 0.1.5c
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2009-12-11
X. INDEX
I. ABOUT THE APPLICATION
# Advisory: http://acid-root.new.fr/?0:18
print "\n Invision Power Board <= 2.3.5 Multiple Vulnerabilities";
print "\n ------------------------------------------------------";
print "\n\n About:";
print "\n\n by DarkFig < gmdarkfig (at) gmail (dot) com >";
print "\n http://acid-root.new.fr/";
print "\n #acidroot@irc.worldnet.net";
print "\n\n\n Attack(s):\n";
return;
Discovered by : Khashayar Fereidani a.k.a. Dr.Crash
My Official Website : HTTP://FEREIDANI.IR
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t] com
----------------------------------------------------------------
Khashayar Fereidani Official Website : HTTP://FEREIDANI.IR
#
#Discovered by : Khashayar Fereidani a.k.a. Dr.Crash
#
#My Official Website : HTTP://FEREIDANI.IR
#
#Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t] com
#
#----------------------------------------------------------------
#
#Khashayar Fereidani Official Website : HTTP://FEREIDANI.IR
#
Vendor http://www.miniwork.eu
Versions Affected 1.0
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-04-07
X. INDEX
I. ABOUT THE APPLICATION
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4649.
Contact:
========
edi [dot] strosar [at] gmail [dot] com
Disclaimer:
===========
The content of this report is purely informational and meant for
======================================================================
Linux Mint 8 mintUpdate Insecure Temporary File Creation
======================================================================
Author: L4teral <l4teral [at] gmail com>
Impact: Privilege Escalation
Status: Update available
------------------------------
Name E-Store
Vendor http://www.getaphpsite.com
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2009-09-03
X. INDEX
I. ABOUT THE APPLICATION
Name Miniweb 2.0
Vendor http://www.miniweb2.com
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2009-12-12
X. INDEX
I. ABOUT THE APPLICATION
Vendor http://www.iscripts.com
Versions Affected 2.0
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-01-07
X. INDEX
I. ABOUT THE APPLICATION
Vendor http://www.iscripts.com
Versions Affected 2.2
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-03-07
X. INDEX
I. ABOUT THE APPLICATION
My Official Website : HTTP://FEREIDANI.IR
Our Team Website : Http://IRCRASH.COM
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com
----------------------------------------------------------------
Sql Injection Vulnerability :
My Website : HTTP://FEREIDANI.IR
Team Website : Http://IRCRASH.COM
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com
----------------------------------------------------------------
Mysql Remote Brute Force Vulnerability :
Vendor http://www.digital-scribe.org
Versions Affected 1.4.1
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2009-12-11
X. INDEX
I. ABOUT THE APPLICATION
Vendor http://www.iguanadons.net
Versions Affected 2.0.3
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-07-07
X. INDEX
I. ABOUT THE APPLICATION
==
xoops-1.3.10 shell command execute vulnerability ( causing snoopy class )
==
Author: geinblues ( geinblues [at] gmail [dot] com )
DATE: 9.7.2008
Site: http://enterblue.net/~x90c/
Risk: Medium
==
Vendor http://www.iscripts.com
Versions Affected 1.0
Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-01-07
X. INDEX
I. ABOUT THE APPLICATION
======================================================================
ProjectPier <= 0.80 Cross Site Scripting and Request Forgery
======================================================================
Author: L4teral <l4teral [4t] gmail com>
Impact: Cross Site Scripting
Cross Site Request Forgery
Status: patch available
======================================================================
eTicket 1.5.5.2 Multiple Vulnerabilities
======================================================================
Author: L4teral <l4teral [4t] gmail com>
Impact: Cross Site Scripting
Cross Site Request Forgery
SQL Injection
Status: patch not available
## Authentication Bypass Vulnerability
##
##
## AUTHOR:
##
## DarkFig < gmdarkfig (at) gmail (dot) com >
## http://acid-root.new.fr/?0:17
## #acidroot@irc.wordlnet.com
##
##
## INTRODUCTION:
Multiple Vulnerabilities and Security Bypass
Vendor: http://benjilenoob.66ghz.com/projects/
Advisory: http://acid-root.new.fr/?0:16
Author: DarkFig < gmdarkfig (at) gmail (dot) com >
Released on: 2007/12/16
Changelog: 2007/12/16
Summary: [HT] Remote File Inclusion